Tomorrow’s Apps Will Come From Brilliant (And Risky) Bitcoin Code

For many, bitcoin — the distributed, worldwide, decentralized crypto-currency — is all about money … or, as recent events have shown, about who invented it. Yet the actual innovation brought about by bitcoin is not the currency itself but the platform, which is commonly referred to as the “blockchain” — a distributed cryptographic ledger shared amongst all nodes participating in the network, over which every successfully performed transaction is recorded.

And the blockchain is not limited to monetary applications. Borrowing from the same ideas (though not using the actual peer-to-peer network bitcoin runs on), a variety of new applications have adapted the bitcoin protocol to fulfill different purposes: Namecoin for distributed domain name management; Bitmessage and Twister for asynchronous communication; and, more recently, Ethereum (released only a month ago). Like many other peer-to-peer (P2P) applications, these platforms all rely on decentralized architectures to build and maintain network applications that are operated by the community for the community. (I’ve written before here in WIRED Opinion about one example, mesh networks, which can provide an internet-native model for building community and governance).

Thus, while they enable a whole new set of possibilities, blockchain-based applications also present legal, technical, and social challenges similar to those raised by other P2P applications that came before them, such as BitTorrent, Tor, or Freenet. But some of these challenges haven’t been seen before in the context of traditional P2P networks.

The Bitcoin Protocol Is More ‘Cloud’ Than ‘P2P’

Although all blockchain-based applications are based on a decentralized network architecture, most of these applications distinguish themselves from standard P2P applications in at least two ways:

Users’ data (including personal data) are not stored locally on users’ devices. They subsist “in the cloud”, in the sense that they are hosted in a distributed database — the blockchain in this case — that is shared amongst all users in the network. This means that data is ubiquitous: It can be accessed at any time and from anywhere, regardless of the user’s device. But the data is also more transparent: All actions or transactions performed by users are recorded on the blockchain and thus publicly available to everyone (although the identity of users can be kept secret and the content of such transactions can of course be encrypted).

Instead of being run locally, blockchain-based applications operate globally. They are deployed on the blockchain itself and are run — in a distributed manner — by relying on the resources provided by all users connected to the network. Although each client runs locally on the user’s device, these applications are constantly available, even when individual devices are turned off (as long as there are enough resources dedicated to them).

In this sense, blockchain-based applications are — in spite of their inherently decentralized nature — more similar to cloud-based services than traditional P2P applications.

However, these applications do significantly differ from traditional cloud-computing applications in that they are autonomous and independent from any central server or authority in charge of regulating or managing the network. Applications are run through an aggregate of individual, peer-to-peer clients that contribute their own resources to the network. In addition to being autonomous, the network is also more resilient and anonymous: no single point of failure, no single point of control.

As such, the bitcoin platform (or blockchain) allows for the deployment of decentralized applications that combine the benefits of cloud computing — in terms of ubiquity and elasticity — with the benefits of P2P technologies in terms of privacy and anonymity. Even though the blockchain is inherently transparent (as every transaction is recorded on a public ledger), users can have multiple identities that don’t necessarily relate to their real persona.

So What Are the Challenges?

In general, most challenges encountered by decentralized network applications are related to the limited availability of resources and the inherent difficulty of managing and coordinating them.

Long-term sustainability can only be achieved by providing an incentive for users to contribute to the network — for reasons ranging from altruistic to selfish — so that there is always a sufficient amount of resources available at any given time. In the case of decentralized applications featuring a specifically designed credit system (such as BitTorrent) or assuming the function of a cryptocurrency (such as bitcoin, Namecoin, and Ethereum), this objective is much easier to achieve to the extent that these platforms provide an additional economic and/or utilitarian incentive for users to contribute to the overall operations of the network.

But blockchain-based applications raise important legal challenges, too. One challenge, similar to those raised by traditional P2P networks, is that the anonymity inherent in these networks supports or even encourages criminal behavior and other illicit or reprehensible activities.

In previous decentralized networks, these issues were dealt with by establishing shared or distributed liability amongst all users connected to the network. Even though it’s often difficult to determine identity and assess the degree of responsibility each should be held accountable for, there are always specific individuals to blame. (Ultimately, the difficulty lies in assigning more or less responsibilities to one or more users in the network.)

So what happens when the figure of the “user” itself disappears; when the resulting P2P applications live outside a central authority? Who is liable and accountable? While we can borrow lessons learned from the world of previous P2P applications to respond to some of these challenges, it cannot be denied that blockchain-based applications raise new and important legal issues — and of a completely different kind than those found in traditional P2P architectures.

The Case of Ethereum and Applications Such as Smart Contracts and Distributed Autonomous Corporations

The case of Ethereum is particularly interesting in that its proponents envision the deployment of self-enforcing smart contracts — such as joint savings accounts, financial exchange markets, or even trust funds — as well as autonomous organizations that subsist independently of any moral or legal entity.

Primavera De Filippi

About

Primavera De Filippi is a researcher at CERSA / CNRS / Université Paris II. She is currently a research fellow at the Berkman Center for Internet & Society at Harvard Law School, where she is investigating the legal challenges of distributed online architectures.

Ethereum is a contract validating and enforcing system based on a more sophisticated platform than other derivative cryptocurrencies (it features an internal Turing-complete scripting language that can be used to encode advanced transaction types directly into the blockchain).

As opposed to the other blockchain-based distributed applications described above — from messaging to contracts — Ethereum can be regarded as a kind of distributed operating system: a platform allowing for new applications to be developed upon it, so as to eventually create self-validating contracts and autonomous systems that operate directly on the blockchain.

That’s the revolutionary feature of Ethereum. It’s also its potential problem.

Corporations and economic transactions are fundamentally driven by contracts. By providing the foundation to validate these contracts, Ethereum allows for the deployment of so-called distributed autonomous companies (DACs) or organizations (DAOs). These systems operate on the blockchain with an autonomy of their own. They earn money by charging users for the services they provide (in the example applications cited above, those services are DNS resolution and social networking) so that they can pay others for the resources they need (such as the processing power and bandwidth necessary to run the network).

As the name suggests, DAOs are autonomous entities that subsist independently from any legal or moral entity. After they have been created and deployed onto the internet, they no longer need (nor heed) their creators. Yes, they need to interact with their users, but they are not dependent on any one of them. Smart contracts are automatically enforced by the applications running over the blockchain.

Since operations are governed through this system of technical self-regulation, Ethereum introduces a whole new set of legal challenges regarding liability and law enforcement that haven’t been seen before in the context of traditional P2P networks. Indeed, if DAOs are independently operated — neither owned nor controlled by any given entity — who is actually in charge, responsible for, or accountable for their operations? And if their resources cannot be seized (because DAOs have full sovereignty over them), how can they be required to pay damages for their torts?

In the context of cloud computing at least, corporate authority is limited to the extent that online operators like Amazon, Google, or Facebook must abide by the basic tenets of law. In the case of Ethereum, the authority of the code cannot be questioned, nor can it be repealed by the law. In that sense these challenges are actually more similar to the issues emerging with the advent of autonomous agents, such as evolutionary software viruses or (though perhaps limited to the realm of science-fiction for now) intelligent robots with an autonomy of their own, than they are to traditional P2P applications.

Ethereum and other blockchain-based applications might well liberate us from the tyranny of large online operators. We just need to make sure that we don’t exchange that for the “tyranny of code”: rules dictated and automatically enforced by the underlying code of an online platform that only exists in the “ether”…